Discord file links are now only valid for 24 hours

If you’re using Discord to host files, we’ve some bad news for you. The company announced it is switching to temporary file links to combat malware distribution. Discord file links will expire after a day, meaning users should look for another hosting service. The transition takes effect by the end of the year.

Discord worries that bad actors use its CDN (content delivery network) to distribute malware. To address this, the service is limiting the validity of its links to 24 hours to create a “safer and more secure experience for users.” Discord added that this approach would help them “restrict access to flagged content” and reduce malware distribution through CDN.

The change only affects users who use Discord to host files, as the links now expire after a day. The company recommends affected users to look for a suitable service. As Discord noted, “There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto refreshed.”

Discord links will expire after a day by the end of 2023

If you’re an affected user, you still have time to complete the transition to a new service, as the change will roll out later this year. Discord added that developers might see a “minimal impact,” and the company will release more information to developers in the coming weeks.

According to the Discord development team, CDN URLs will get ex, is, and hm parameters to improve the CDN’s security. These parameters could add expiration timestamps and unique signatures to links and remain valid until the links expire. “Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex).” the company stated.

Discord has been a primary venue for bad actors to distribute malware, and the change could put a ban on that. The cybersecurity company Trellix already reported that around 10,000 malware are being found at Discord CDN. Trellix added some well-known malware families like Agent Tesla, UmbralStealer, and Stealerium have previously relied on Discord webhooks to exploit users.